svn commit: r265003 - head/secure/usr.sbin/sshd

Wed Aug 20 15:28:57 UTC 2014

On 8/20/2014 10:19 AM, Roger Pau Monné wrote:
> On 20/08/14 17:13, Konstantin Belousov wrote:
>> On Wed, Aug 20, 2014 at 04:41:05PM +0200, Roger Pau Monn?? wrote:
>>> On 27/04/14 07:28, Konstantin Belousov wrote:
>>>> Author: kib
>>>> Date: Sun Apr 27 05:28:14 2014
>>>> New Revision: 265003
>>>> URL: http://svnweb.freebsd.org/changeset/base/265003
>>>>
>>>> Log:
>>>>   Fix order of libthr and libc in the global dso list for sshd, by
>>>>   explicitely linking main binary with -lpthread.  Before, libthr
>>>>   appeared in the list due to dependency of one of the kerberos libs.
>>>>   Due to the change in ld(1) behaviour of not copying NEEDED entries
>>>>   from direct dependencies into the link results, the order becomes
>>>>   reversed.
>>>>   
>>>>   The libthr must appear before libc to properly interpose libc symbols
>>>>   and provide working rtld locks implementation.  The symptom was sshd
>>>>   hanging on rtld bind lock during nested symbol binding from a signal
>>>>   handler.
>>>>   
>>>>   Approved by:	des (openssh maintainer)
>>>>   Sponsored by:	The FreeBSD Foundation
>>>>   MFC after:	1 week
>>>>
>>>> Modified:
>>>>   head/secure/usr.sbin/sshd/Makefile
>>>>
>>>> Modified: head/secure/usr.sbin/sshd/Makefile
>>>> ==============================================================================
>>>> --- head/secure/usr.sbin/sshd/Makefile	Sun Apr 27 05:19:01 2014	(r265002)
>>>> +++ head/secure/usr.sbin/sshd/Makefile	Sun Apr 27 05:28:14 2014	(r265003)
>>>> @@ -57,6 +57,16 @@ CFLAGS+= -DNONE_CIPHER_ENABLED
>>>>  DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
>>>>  LDADD+= -lcrypt -lcrypto -lz
>>>>  
>>>> +# Fix the order of NEEDED entries for libthr and libc. The libthr
>>>> +# needs to interpose libc symbols, leaving the libthr loading as
>>>> +# dependency of krb causes reversed order and broken interposing. Put
>>>> +# the threading library last on the linker command line, just before
>>>> +# the -lc added by a compiler driver.
>>>> +.if ${MK_KERBEROS_SUPPORT} != "no"
>>>> +DPADD+= ${LIBPTHREAD}
>>>> +LDADD+= -lpthread
>>>> +.endif
>>>> +
>>>>  .if defined(LOCALBASE)
>>>>  CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
>>>>  .endif
>>>
>>> Hello,
>>>
>>> This change makes the following simple test program fail on the second 
>>> assert. The problem is that sa_handler == SIG_DFL, and sa_flags == 
>>> SA_SIGINFO, which according to the sigaction(9) man page is not 
>>> possible. With this change reverted the test is successful.
>> I do not quite follow.
>>
>> What are the relations between sshd and your test program ?
>> Should the test be run somehow specially ?
> 
> No, and frankly that's what I don't understand. I compile this simple
> test with `cc -o test test.c`. It fails with this commit applied, and
> succeeds without it.
> 
> Roger.
> 

Does it fail if you do not connect with ssh?

-- 
Regards,
Bryan Drewery

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20140820/6a99ffbd/attachment.sig>